1 package org.apache.turbine.util;
2
3 /* ====================================================================
4 * The Apache Software License, Version 1.1
5 *
6 * Copyright (c) 2001 The Apache Software Foundation. All rights
7 * reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. The end-user documentation included with the redistribution,
22 * if any, must include the following acknowledgment:
23 * "This product includes software developed by the
24 * Apache Software Foundation (http://www.apache.org/)."
25 * Alternately, this acknowledgment may appear in the software itself,
26 * if and wherever such third-party acknowledgments normally appear.
27 *
28 * 4. The names "Apache" and "Apache Software Foundation" and
29 * "Apache Turbine" must not be used to endorse or promote products
30 * derived from this software without prior written permission. For
31 * written permission, please contact apache@apache.org.
32 *
33 * 5. Products derived from this software may not be called "Apache",
34 * "Apache Turbine", nor may "Apache" appear in their name, without
35 * prior written permission of the Apache Software Foundation.
36 *
37 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
38 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
39 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
40 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
44 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
46 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
47 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48 * SUCH DAMAGE.
49 * ====================================================================
50 *
51 * This software consists of voluntary contributions made by many
52 * individuals on behalf of the Apache Software Foundation. For more
53 * information on the Apache Software Foundation, please see
54 * <http://www.apache.org/>.
55 */
56
57 import org.apache.turbine.om.security.Permission;
58 import org.apache.turbine.om.security.Role;
59 import org.apache.turbine.services.security.TurbineSecurity;
60
61 /***
62 * Utility for doing security checks in Screens and Actions.
63 *
64 * Sample usage:<br>
65 *
66 * <code>
67 * SecurityCheck mycheck =
68 * new SecurityCheck(data, "Unauthorized to do this!", "WrongPermission");
69 * if ( !mycheck.hasPermission("add_user") )
70 * return;
71 *</code>
72 *
73 * @author <a href="mailto:mbryson@mindspring.com">Dave Bryson</a>
74 * @version $Id: SecurityCheck.java,v 1.1.1.1 2001/08/16 05:09:41 jvanzyl Exp $
75 */
public class SecurityCheck
{
    // Text passed to RunData.setMessage() when a check is denied.
    private String message;
    // Screen name passed to RunData.setScreen() when a check is denied.
    private String failScreen;
    // Request context whose ACL is consulted; assigned by the constructor.
    private RunData data;

    /**
     * Creates a check bound to one request.
     *
     * No argument is validated here. A null <code>data</code> is only
     * noticed when one of the check methods dereferences it.
     *
     * @param data A Turbine RunData object; its ACL is consulted by the
     * check methods.
     * @param message The message set on the RunData when a check is denied.
     * NOTE(review): how the message is rendered is not visible in this
     * class; prefer a fixed string over request-derived text.
     * @param failedScreen The screen set on the RunData when a check is
     * denied.
     */
    public SecurityCheck(RunData data,
                         String message,
                         String failedScreen)
    {
        this.failScreen = failedScreen;
        this.message = message;
        this.data = data;
    }

    /**
     * Checks whether the ACL held by the RunData grants the given role.
     *
     * A missing ACL (null) is treated as a denial. On denial the fail
     * screen and message are set on the RunData and false is returned.
     * This method does not stop request processing, so the caller must
     * act on the return value.
     *
     * @param role A Role.
     * @return True if the ACL is present and grants the role.
     * @throws Exception declared by the signature; presumably propagated
     * from the ACL lookup (not visible here).
     */
    public boolean hasRole(Role role)
        throws Exception
    {
        // Allow only when an ACL exists and grants the role.
        if ( data.getACL() != null && data.getACL().hasRole(role) )
        {
            return true;
        }

        // Denied: record where to send the user and what to tell them.
        data.setScreen(failScreen);
        data.setMessage(message);
        return false;
    }

    /**
     * Resolves a role name through TurbineSecurity.getRole and delegates
     * to {@link #hasRole(Role)}.
     *
     * NOTE(review): how an unknown name is handled (exception or null
     * Role) is decided by TurbineSecurity and the ACL, neither of which
     * is visible here. Confirm that it ends in a denial.
     *
     * @param role The role name.
     * @return True if the ACL is present and grants the role.
     * @throws Exception whatever the role lookup or the ACL check throws.
     */
    public boolean hasRole(String role)
        throws Exception
    {
        Role resolved = TurbineSecurity.getRole(role);
        return hasRole(resolved);
    }

    /**
     * Checks whether the ACL held by the RunData grants the given
     * permission.
     *
     * A missing ACL (null) is treated as a denial. On denial the fail
     * screen and message are set on the RunData and false is returned.
     * This method does not stop request processing, so the caller must
     * act on the return value.
     *
     * @param permission A Permission.
     * @return True if the ACL is present and grants the permission.
     * @throws Exception declared by the signature; presumably propagated
     * from the ACL lookup (not visible here).
     */
    public boolean hasPermission(Permission permission)
        throws Exception
    {
        // Allow only when an ACL exists and grants the permission.
        if ( data.getACL() != null && data.getACL().hasPermission(permission) )
        {
            return true;
        }

        // Denied: record where to send the user and what to tell them.
        data.setScreen(failScreen);
        data.setMessage(message);
        return false;
    }

    /**
     * Resolves a permission name through TurbineSecurity.getPermission
     * and delegates to {@link #hasPermission(Permission)}.
     *
     * NOTE(review): how an unknown name is handled (exception or null
     * Permission) is decided by TurbineSecurity and the ACL, neither of
     * which is visible here. Confirm that it ends in a denial.
     *
     * @param permission The permission name.
     * @return True if the ACL is present and grants the permission.
     * @throws Exception whatever the permission lookup or the ACL check
     * throws.
     */
    public boolean hasPermission(String permission)
        throws Exception
    {
        Permission resolved = TurbineSecurity.getPermission(permission);
        return hasPermission(resolved);
    }

    /**
     * Returns the denial message given to the constructor.
     *
     * @return The message String, exactly as passed in.
     */
    public String getMessage()
    {
        return this.message;
    }

    /**
     * Returns the denial screen name given to the constructor.
     *
     * @return The screen name String, exactly as passed in.
     */
    public String getFailScreen()
    {
        return this.failScreen;
    }
}